Thursday, April 7, 2011

The Kremlin's Online Hit Squad - The Nashi - Attacks LiveJournal.com

The popular Russian blogging site LiveJournal.com has been under heavy DDoS attacks from at least two different botnets over the last couple of weeks targeting high profile political dissident and anti-corruption blogger Alexey Navalny as well as other controversial sites. Maria Gamaeva of Kaspersky Labs provides a list of the targets that they were able to pull from one of the botnets used in the attack (the Optima/Darkness botnet).

This apparently all began when Navalny began attacking the current ruling political party (United Russia) by calling them the party of swindlers and thieves. Retaliation followed in the form of spamming Navalny's blogs with derogatory comments. At least one advertisement was found online which offered $14,000 rubles per month for individuals to continue the campaign against Navalny, according to Maria Antonova writing for the AFP news agency. Antonova wrote that many bloggers suspected the Nashi to be responsible for the attacks against Navalny and LiveJournal.

The Nashi was the brainchild of Vladislav Surkov, Chief Ideologue and First Deputy Chief of Staff of the President of the Russian Federation Dmitry Medvedev. Shortly after the Russia Georgia War of 2008, Surkov reportedly told a roomful of Russian spin doctors that "August, 2008 was the starting point of the virtual reality of conflicts and the moment of recognition of the need to wage war in the information field too."("Information Warfare Chronicles" (Yevropa, 2009)).

As I wrote in my book "Inside Cyber Warfare", Surkov intends to use Nashi to enforce the Kremlin’s will regarding RUNET communications, i.e., “Ensure the domination of pro-Kremlin views on the Internet” (published by The New Times Online in Russian, 16 Feb 09). In March, 2009, Surkov
organized a conference with about 20 key people in the Russian blogging community, as well as leaders of the aforementioned youth organizations, some of whom include:
• Maksim Abrakhimov, the Voronezh commissar of the Nashi movement and blogger
• Mariya Drokova, Nashi commissar and recipient of the Order for Services to the Fatherland Second Class medal for her “energetic” work in the area of youth policy
• Mariya Sergeyeva, leader of the United Russia youth wing Young Guard
• Samson Sholademi, popular Russian blogger
• Darya Mitina, former state duma deputy and Russian Communist Youth Union leader

Other attendees included Russian spin doctors who specialize in controlling the messages communicated via the blogosphere. The objective was to work out a strategy for information campaigns on the Internet. It is formulated like this: “To every challenge there should be a response, or better still, two responses simultaneously.” A source who is familiar with the process of preparations for the meeting explained:

If the opposition launches an Internet publication, the Kremlin should respond by launching two projects.

If a user turns up on LiveJournal talking about protests in Vladivostok, 10 Kremlin spin doctors should access his blog and try to persuade the audience that everything that was written is lies.

The Nashi is run by the office of the Federal Agency of Youth Affairs' chairman Vasily Yakemenko, who is also the co-founder of the group. Yakemenko's office provides partial funding and is an activist himself. In fact, he's not able to travel in the EU after being declared "persona non grata" by Estonia after organizing a blockade of the Estonian embassy in Moscow in 2007.

The Nashi's other powerful financial supporter is none other than Alisher Usmanov, the largest single shareholder of Facebook investor DST-Global, Inc. who's chairman is Silicon Valley's favorite Russian venture capitalist Yuri Milner. Nashi members have been involved in numerous organized cyber attacks against both external and internal targets which oppose the interests of Russia's leadership. A Nashi commissar claimed responsibility for the Estonia 2007 attacks and numerous cyber attacks as well as physical demonstrations have been mounted against Georgia and Georgian activists in 2008 and 2009.

I expect to see an increase in Nashi attacks as the RF Parlimentary elections in December draw closer. In the meantime, a LiveJournal.com support rally is scheduled for tomorrow April 8th at the SUP offices to encourage bloggers to find other ways to communicate in spite of the LJ outages.

UPDATE #1 (7 APR 2011): AFP reports that President Medvedev posted a condemnation of the attacks against Live Journal today.

UPDATE #2 (8 APR 2011): Novaya Gazeta reports a massive DDoS attack today. The paper often publishes articles critical of the United Russia party. In November 2008 it fired Russian Security Services writer Andrei Soldatov of Agentura.ru for unknown reasons although political pressure is suspected.

1 comment:

Again, the nexus of internal repression, external aggression, cyber-crime and government. Interestingly, the attacks on Georgia honed the organization for this set of attacks. Another interesting development is that the recent attacks on LJ and NG reflect the decomposition of the Russian state. The siloviki appear to be running this one!